This notice applies to two primary groups of individuals with whom MTN has, had or may in the future have an employment relationship:

• current employees of MTN (whether they are employed on a permanent, temporary, or fixed-term contract including interns, secondees, and graduates);
• former/past employees of MTN.

(collectively referred to as “MTN Employees” / “you” / “your”).

Where there are differences in the Processing of Personal Data by MTN with respect to current employees compared to former employees, we have made this clear through the use of sub-headings. Where there are no such sub-headings then the Processing applies to both current employees and former employees.

To run our business, MTN collects, uses, and stores Personal Data about MTN Employees.

Current Employees

In addition to the information collected about you during the recruitment process, we also collect, use, and store the following additional information in respect of current employees:

• Detailed identification information (e.g., name, position, title, office location, business telephone number, date of birth, picture, identity document number, passport numbers and other national ID numbers as required, employment identification number, private email and/or postal address, residential address, and car registration number);
• Electronic identification data (e.g., login information, access rights, badge number, IP address, online identifiers/cookies, logs, connection time, sound, or image recordings such as CCTV, video, and voice recordings);
• Personal and physical characteristics (e.g., gender assigned at birth, immigration status, and physical characteristics);
• Family information (e.g., marital status, marriage certificate, and number of children);
• Education and employment information (e.g., remuneration, bonus, pension entitlements, insurance and other benefits information, employment dates such as dates of hiring/promotion/position change, performance evaluation, position information such as position title and reference number, attendance information including, where relevant, illness or leaves of absence for medical or other reasons, language skills, and training, education, and development information);
• National Identification Number (NIN), tax identifying number; social security number, or local equivalent;
• Signatures (both handwritten and electronic).
• Financial information (e.g., bank account details, professional credit card numbers, tax‑related information, and, where relevant, information relating to account transactions and dealings); and
• Data from the use of company assets and systems (e.g., where relevant, information about how you may use IT systems and hardware, records of calls logs, and other Personal Data that may be processed as a result of the monitoring of the employees carried out in accordance with MTN’s relevant and applicable policies);
• Information relevant to the administration of benefits: (e.g., to the extent that you are entitled to medical aid and/or provident fund/pension fund benefits, we will only collect the Personal Data prescribed by the relevant service provider in order to Process your application for these benefits and/or to administer these benefits. The Personal Data required may include, but is not limited to, Personal Data of dependents of your medical aid plan and/or beneficiaries of your provident fund/pension fund).

Former employees

MTN continues to store the above information (related to current employees) in respect of former employees, insofar as this information was collected during the former employee’s employment with MTN and subject to MTN’s retention policies and procedures.

In some cases, the Personal Data of MTN Employees that we collect will also include Sensitive Personal Data, such as:

• Diversity-related information (including data about citizenship and status of citizenship applications, racial and ethnic origin);
• Religious beliefs and other beliefs of a similar nature;
• Health data (such as medical records, sickness records, vaccination status, and disability records);
• Data about alleged or proven criminal offenses; and
• Biometric information.

During your employment with MTN, most of the Personal Data will be collected directly from you. However, there are also occasions when it is necessary to collect Personal Data from indirect sources for example, we collect Personal Data from:

• other employees / third parties as part of the performance appraisal process;
• other employees / third parties as part of any disciplinary proceedings;
• whistleblowers who include information about you in their reporting to us; and/or
• a customer who may refer to you in their complaint or compliment correspondence.

MTN is committed to only processing Personal Data for specified, explicit, and legitimate purposes related to its business activities. The general purposes for which MTN may Process your Personal Data are explained below.

Current Employees

We Process the Personal Data of current employees to inter alia:

• administer, plan, and manage our personnel (including task, benefits and absence management, succession planning, staff turnover, transfers and promotions, conducting checks if you move role within MTN, internal workforce analysis, and planning, the collection of trade union membership fees, issuing tax declaration forms and filing the related data, and employee participation programs);
• assist us in managing external providers (e.g., insurance companies, pension funds, medical insurance);
• implement tasks and plan activities in preparation for or under existing contracts;
• perform internal or external training;
• manage our payroll, bonus and compensation schemes, and further bookkeeping obligations;
• manage our HR records and update the MTN personnel databases and where relevant, manage and make available Personal Data within the MTN group of companies;
• carry out performance reviews, satisfaction surveys, and other people surveys;
• monitor our employees’ activities in the workplace, including compliance with internal policies as well as health and safety rules in place;
• manage our IT resources, including infrastructure management and business continuity;
• manage disciplinary processes;
• receive and handle internal or external complaints, grievances, or reports made to MTN in respect of the conduct of employees (for example through a compliance hotline);
• reply to an official request from a public or judicial authority with the necessary authorization;
• inform employees of internal events and leisure activities;
• send internal communications relevant to employees of MTN;
• comply with any legal obligations imposed on MTN in relation to its people;
• for the health and safety of employees;
• to monitor and evidence compliance with laws and internal policies (e.g. processing declarations made by the employee regarding conflicts of interest, gifts received or given out, or compliance with MTN policies. We also Process your Personal Data to meet MTN’s sanction compliance requirements regarding citizenship status);
• promote and market the MTN brand to the public (e.g., publicizing photographs taken from events on social media platforms, internal communications, and external communications);
• allow qualifying employees the opportunity to participate in pilot programs for new products or services; and
• to support any merger and acquisition activities (e.g., enable a transfer to a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of MTN’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it).

Further to the above, your computer-related Personal Data (e.g., username, installed software, IP address, computer name, location, etc.) is used for the purposes of tracking and managing computing assets such as software licensing and hardware systems, installation of additional software applications, etc. to the extent necessary for the purposes below:

• intrusion detection, system protection, monitoring, and logging;
• providing helpdesk services, including error reports and treatments as well as Processing IT related issues and problems; and
• preventing unauthorized third parties from accessing our sites.

Former Employees

Generally, we do not actively Process the Personal Data of former employees but do store former employees’ Personal Data in accordance with our retention policies and/or to comply with the retention periods prescribed in terms of Local Regulatory Requirements and Applicable Data Privacy Laws (s) that apply to MTN.

There may be circumstances that require us to actively Process the Personal Data of former employees for example:

• to support a third party with verification of employment at MTN (e.g., when requested to confirm whether an employee was employed at MTN and to provide factual information in respect of such employment);
• to manage any outstanding payroll, bonus and compensation schemes, and further bookkeeping obligations;
• to manage any pending and/or ongoing disciplinary action or litigation proceedings in any forum;
• to handle internal or external complaints, grievances, or reports made to MTN in respect of the conduct of former employees (for example through a compliance hotline);
• to reply to an official request from a public or judicial authority with the necessary authorization; and
• to comply with any legal obligations imposed on MTN in relation to former employees.

MTN will not further Process Personal Data for any purpose that is incompatible with the original purpose that the Personal Data was collected for unless:

• such further Processing is authorized in terms of Applicable Data Privacy Laws;
• we have obtained your consent to the further Processing;
• Further processing is necessary to comply with an obligation imposed by Local Regulatory Requirements or for conducting proceedings in a court or tribunal; or
• it is for scientific or historical research purposes or statistical purposes.

When we Process your Sensitive Personal Data, we will rely on one of the following legal bases as appropriate having regard to the purpose of Processing:

• You have given explicit consent to the Processing of your Sensitive Personal Data for one or more specified purposes. You may withdraw such consent at any time;
• Processing is necessary for the purposes of carrying out the obligations and exercising your or MTN’s specific rights in the field of employment and social security and social protection law;
• Processing is necessary to protect your vital interests or that of another natural person and you are physically or legally incapable of giving consent;
• Processing relates to Sensitive Personal Data which was intentionally made public by you;
• Processing is necessary for the establishment, exercise, or defense of legal claims or whenever courts are acting in their judicial capacity;
• Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of your working capacity, medical diagnosis, the provision of health or social care or treatment, or pursuant to a contract with a health professional who is subject to the obligation of professional secrecy in terms of local law or rules established by national competent bodies;
• Processing is necessary for scientific or historical research purposes or statistical purposes provided such Processing is proportionate to the aim pursued, MTN respects the essence of the right to data protection and MTN provides for suitable and specific measures to safeguard your fundamental rights and interests.
• Processing of Personal Data related to criminal behavior is obtained and used in accordance with the Local Regulatory Requirements.

Current Employees

There will be limited circumstances where we seek your consent to collect your Personal Data whilst employed at MTN. In these circumstances, the provision of your Personal Data is completely voluntary. For example, you may voluntarily choose whether or not to participate in MTN competitions, pilot programs for new services/products, share your dietary preferences for catering purposes, or be filmed or photographed as part of MTN’s campaigns or events.

MTN will indicate to you, at the time of collection, whether the provision of the Personal Data is mandatory either in its forms, written or verbal correspondence. When the provision of Personal Data is mandatory you are obliged to provide your Personal Data to us and we have established a lawful basis to collect that Personal Data from you. If you do not provide your Personal Data to us, we may either not be able to conduct the employment with you or, at least, you may be prejudiced when participating in certain processes such as performance feedback or career development.

Past Employees

It is voluntary for past employees to provide their Personal Data once their employment with MTN has concluded (for example in circumstances that past employees would like to participate in surveys or join the MTN Alumni).

MTN does not perform any automated decision making (including profiling) which results in legal consequences for you and/or which affects you in a similarly significant manner. Should this change in the future, we will notify you and update this privacy notice accordingly.

We make reasonable efforts to retain Personal Data only for so long as:

• the Personal Data is necessary to comply with our obligations to you in terms of our employment contract, policies, and procedures; and/or
• is necessary to comply with legal, regulatory, or internal policy requirements that may apply.

The retention of MTN Employee records will be in accordance with our retention policies and retention schedule These policies or relevant extracts may be requested by former employees by contacting MTN Data Protection Officer (DPO) .

Yes, we may share Personal Data with third parties, as necessary for our legitimate business needs, to carry out your requests, and/or as required or permitted by Local Regulatory Requirements and Applicable Data Privacy Law(s). This may include, but is not limited to:

• Our service providers: We transfer your Personal Data to our third-party service providers, such as our (IT) systems providers, our hosting providers, our payroll providers, consultants (such as legal advisers), and other goods and services providers. These providers Process your Personal Data on behalf of MTN in terms of a binding agreement with appropriate security safeguards. MTN will only transfer Personal Data to them when they meet our strict standards on the Processing of data and security. We only share Personal Data that allows our service providers to provide their services and they are not allowed to Process your Personal Data for any other purpose.
• If we are reorganized or sold to another organization: MTN will typically also disclose Personal Data in connection with the sale, assignment, or other transfer of the business to which the data relates.
• Courts, tribunals, law enforcement, or regulatory bodies: MTN will disclose Personal Data in order to respond to requests of courts, tribunals, government, or law enforcement agencies or where it is necessary or prudent to comply with Local Regulatory Requirements, court or tribunal orders or rules, or government regulations.
• Audits: disclosures of Personal Data will also be needed by our auditors including to perform financial audits, data privacy or security audits, and/or to investigate or respond to a complaint or security threat.
• Insurers: our business requirements mean that we carry significant insurance coverage in respect of business activities. There are several different participants in the insurance market (e.g., brokers, insurers, and reinsurers, as well as their professional advisors and other third parties involved should there be a claim). Some of these insurance market participants will require that we disclose Personal Data about you to them. The information will be used by the insurance market participants in the underwriting and ongoing administration of the insurance products, where there is a claim that you are relevant to and to allow the insurance market participants to comply with their legal and regulatory obligations. Some of these insurance market participants will handle this information on our behalf (like our service providers described above), but others will want to Process information about you independent of us.

Yes, MTN may transfer Personal Data outside of Liberia but only if such transfers are permitted in terms of Liberian Regulatory Requirements / Applicable Data Privacy Law(s).

MTN may transfer your Personal Data to other entities within the MTN group of companies. All MTN entities are bound by binding corporate rules which ensures that the MTN entity receiving your Personal Data protects your Personal Data in accordance with those binding corporate rules.

MTN may also transfer certain Personal Data outside of Liberia to third parties working with us or on our behalf for the purposes described in this Employee Privacy Notice. When transferring Personal Data internationally to third parties we will ensure your Personal Data will continue to be protected for example, by entering into binding data transfer agreements or by ensuring there are adequate data privacy laws, which require the relevant third party to adhere to the data handling and data protection requirements, acceptable to MTN.

MTN secures the integrity and confidentiality of the Personal Data in its possession or under its control by implementing appropriate, reasonable technical, physical, and organizational measures to prevent:

• accidental loss of, damage to, or unauthorized destruction of your Personal Data;
• unlawful or unauthorized access to / dissemination of your Personal Data; and
• unlawful or unauthorized Processing of your Personal Data.

As part of its processes, MTN takes reasonable measures to regularly identify and assess all reasonably foreseeable internal and external risks to Personal Data in its possession or under its control and implements reasonable and appropriate technical, physical, and organizational security measures to protect against the identified risks.

While MTN implements reasonable measures to prevent or reduce the likelihood and impact of Personal Data Breaches, this risk can’t be completely eliminated. If MTN becomes aware of or reasonably suspects a Personal Data Breach has occurred or that the integrity or confidentiality of Personal Data has been compromised, MTN adheres to its Personal Data Breach Management Procedure governing the handling and reporting of Personal Data Breaches. This guideline is available to MTN Current Employees on the [INSERT NAME OF INTRANET] MTN will report personal data breaches to the Data Privacy Regulator within 72 hours of knowledge of such breach.

If MTN Processes Personal Data about you, you have the following rights:

• Access and correction: you have the right to access the Personal Data retained by MTN. This is sometimes called a ‘Data Subject Access Request’. If we agree that we are obliged to provide Personal Data to you, we will provide it to you free of charge. Before providing Personal Data to you, we may ask for proof of identity and sufficient information about your interactions with us so that we can locate your Personal Data. If the Personal Data we hold about you is incorrect, you are entitled to ask us to correct any inaccuracies in the Personal Data.
• Object to Processing: you have the right to object to us Processing your Personal Data, on grounds relating to your particular situation, under certain circumstances. For example, if we are Processing your Personal Data on the basis that is necessary for purposes of our or a third party’s legitimate interest or in the public interest. You may also object if you believe there is no legal basis for us to Process your Personal Data anymore.
• Withhold consent: you have the right to withhold your consent without any fear of negative repercussions in circumstances in which we seek your consent to Process your Personal Data. If you experience any intimidation or negative repercussions for withholding your consent, you should report this to the MTN data protection officer at the address below.
• Withdraw consent: you also have the right to withdraw your consent at any time and we cease Processing your Personal Data unless there is an alternative legal basis to continue Processing your Personal Data. We will advise you if we intend to continue Processing your Personal Data in these circumstances.
• Disposal / Restrictions: in addition, you may have the right to have your information deleted/destroyed if we are keeping it too long or have no legal basis to Process it. You may also request that the Processing of your Personal Data is restricted in certain circumstances.
• Receive Information: You have the right to receive your Personal Data in a commonly used and machine-readable format and the right to transmit these data to another Data Controller when the processing is based on (explicit) consent or when the processing is necessary for the performance of a contract.
• MTN will, however, retain and use your personal information in accordance with applicable laws for retention of data, for as long as is necessary to provide you with our services and comply with legal and business obligations, resolution of disputes, and enforcement of this Notice among others.
• Lodge complaints: you have the right to lodge a complaint regarding the way your Personal Data is being Processed with MTN or if you believe there has been a breach of MTN privacy policies and/or data privacy laws.

You can make a request or exercise these rights by contacting MTN at ethics_risk_complaince.lr@mtn.com and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with Local Regulatory Requirements, Applicable Data Privacy Law(s), and internal policies.

If you have any questions or concerns regarding this Employee Privacy Notice and would like further information about how we protect your information and/or when you want to contact your local Data Protection Officer (DPO), please email us at ethics_risk_complaince.lr@mtn.com.

MTN may modify this Employee Privacy Notice from time to time to reflect our current privacy practices. When we make changes to this notice, we will revise the “effective” date at the top of this notice and any changes affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you.